I have an open iPhone with scope and protocol analyser ready to reverse the iphonesimfree unlock (much like a lot of other engineers around the world I suspect). It should be relatively trivial to reverse, as the way into the baseband is just a serial port.

That's why iphonesimfree are releasing it the way they are. They want to maximise their profit, they know the method should be reversed within a matter of hours of it being publicly released, hence the 500 license minimum, and their reseller approach.

I'd bet it's even easier than fooling their backend servers. I don't see any way they can protect their software from being reversed in a couple of hours. Ultimately they are talking to the baseband over an unsecured internal serial port. From the video released today, they are clearly patching the firmware, not generating valid NCK codes to unlock the "standard" way.

Tap the internal serial traces on the PCB with a scope/protocol analyser, and you've got a transcript of every character sent to the baseband over its serial port. Maybe a little disassembly to see what it's actually doing for interest purposes, then package it into an arm-macho binary, and you've got a free software unlock.

I'd say the only reason they are gathering IMEIs is to administer and control their licensing.